Martin Joey Schulze discovered a flaw in the way mod_auth_mysql handles certain multibyte character encodings.
If mod_auth_mysql is configured to use use a multibyte character set that allows the backslash '\' character as part of the character encodings, it is possible to inject arbitrary SQL commands to the MySQL database server.